Get Schooled, a New York-based charity suffered a data exposure that left records related to hundreds of thousands of students in an unsecured AWS bucket that was open and accessible from the internet.
The exposure was first identified by TurgenSec, a security firm based in the United Kingdom, that received a submission from an anonymous third-party that contained data claiming to be from a misconfigured AWS storage bucket used by Get Schooled. The authenticity of the exposure was eventually confirmed by TurgenSec security analysts, and they notified the nonprofit on November 18. Get Schooled has confirmed the exposure to SC Media and other outlets and that the misconfiguration was fixed on Dec. 21 before staff left for the holidays.
Get Schooled was started in 2009 and provides educational resources, research and assistance to students during the college application process, their university tenures and post-college job hunting. The exposed data included details related to students who engaged with the nonprofit, including names, emails, age, gender, their high school or college and graduation data. In some cases, physical addresses and phone numbers were also exposed.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.